These are heady days for Chief Compliance Officers. Over the last 20 years, the CCO has moved from the backwater of corporate offices to the front and center of the power structure.
We now have debates over the independence of the CCO from the legal function, the reporting obligations and the relationship between the CCO and the board.
There is no question that CCOs have gained in the corporate structure. But CCOs have to be careful on two important fronts – they cannot overpromise on results, and they have to deliver in tangible ways on the business side of the equation. If CCOs mess up big time, or if they fail to communicate realistic expectations, CCOs will quickly suffer the budget ax and retribution from the board and CEOs in response to any major legal violation or reputational issue.
Putting all of this in context, in Compliance 2.0, the CCO is at the heart of the compliance program. The CCO is the visionary, the keeper of the company’s culture, and the coordinator among all of the compliance functions. The CCO is the heartbeat of a compliance program, and has a lot on their shoulders.
In the Compliance 2.0 model, the CCO has to administer the ethics and compliance program by attending to all of the necessary functions and representing ethics and compliance at all stakeholder meetings. Internally, the CCO is the advocate for compliance and compliance resources.
Most importantly, the CCO has to secure an empowered position within the company. In the Compliance 2.0 model, the CCO reports to the CEO on a regular basis, sits as a member of the senior leadership team, and maintains line of sight across all of the corporate functions.
The CCO’s relationship with the board of directors and the CEO set the tone for the compliance program. Like the Internal Auditor who has ready access to the Audit Committee and additional resources if needed, the CCO has to be treated in a similar manner. The CCO should report to the Audit Committee every quarter for at least 30 minutes, and then reserve a brief period of time for an executive session. Once a year, the CCO should report to the full board of directors.
The CCO is the guardian of the company’s ethical culture, and should be responsible for promoting its culture, monitoring the culture and reporting on the company’s culture to the CEO and the board. The CCO has to recognize that the company’s culture infuses every element of the company’s compliance program.
In view of the CCO’s close working relationship with the CEO, the CCO has to push the CEO to maintain and promote the messaging surrounding the compliance program. In the end, the CEO’s performance and support of the company’s ethics and compliance program will depend on the CCO’s vigilance.
Aside from the CEO and the board, the CCO has to develop effective working relationships with critical components of the company’s support structure, including legal, human resources, internal audit, chief financial officer, comptroller, security, and information technology.
A CCO is a politician that has to know what he or she is talking about (unlike many of our politicians today). For example, the CCO has to manage an internal compliance committee, consisting of important functional leaders. This committee can be a very effective mechanism to ensure success with respect to the ethics and compliance program.
Just as important, the CCO is the ethics and compliance face for interacting with the company’s business operations. A CCO has to develop winning strategies for business and compliance, and move quickly beyond any strategy that relies on simply saying no to business managers. The key for every CCO is to develop a can-do attitude where solutions are found for most business problems.
The CCO’s role is continuing to evolve and the next five years will see more growth and influence in the corporate governance landscape. In Compliance 2.0, the CCO’s success depends on the CCO’s ability to define a vision and implement a plan, recognizing the need for support and assistance from other leaders and functions within the company.